I am trying to give access permission for an S3 bucket in one account to another account.
For the created bucket, in the Permissions tab, there is an option "Access for other AWS accounts". Under that I am seeing an "Add Account" button. I clicked it and gave my other account, from which I want to access this bucket.
However, I am getting an "Invalid ID" error.
You can allow users from one AWS account to access resources in another AWS account. To do this, create a role that defines who can access it and what permissions it grants to users that switch to it.
One of the simplest ways to get the canonical ID is to use the CLI and run the command:
aws s3api list-buckets
You will get the ID in the output.
There are other ways to get the canonical ID as well, and they are clearly described in the AWS docs: https://docs.aws.amazon.com/general/latest/gr/acct-identifiers.html
list-buckets aws docs: https://docs.aws.amazon.com/cli/latest/reference/s3api/list-buckets.html
If you wish to grant access to a specific user in a different account, it's quite simple. (I don't think this method will work for giving access to a whole different account.)
Let's say you have:
Ask User B for the ARN associated with their IAM User. This can be seen in the IAM Management Console and it will look like:
arn:aws:iam::123456789012:user/fred
Then, add a Bucket Policy to Bucket A:
{
  "Version": "2012-10-17",
  "Id": "S3AccessPolicy",
  "Statement": [
    {
      "Sid": "GiveFredAccess",
      "Effect": "Allow",
      "Principal": {
        "AWS": "arn:aws:iam::123456789012:user/fred"
      },
      "Action": [
        "s3:GetObject",
        "s3:ListBucket"
      ],
      "Resource": [
        "arn:aws:s3:::bucket-a",
        "arn:aws:s3:::bucket-a/*"
      ]
    }
  ]
}
This will allow Fred to access the S3 bucket. This works for users in the same account AND for users in a different account.
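As an added example (not part of either answer above), the following Python builds a bucket policy of the shape shown in the answer and then audits it for two things a reviewer checks before attaching it: that the principal is a specific IAM user or role rather than "*" or an account root, and that bucket-level actions (s3:ListBucket) are paired with the bucket ARN while object-level actions (s3:GetObject) are paired with the bucket/* ARN. The bucket name, principal ARN and action tables are constructed values, not taken from the post.

```python
import json
import re

# Constructed sample values (not from the original post); replace with your own.
BUCKET = "bucket-a"
PRINCIPALS = ["arn:aws:iam::123456789012:user/fred"]

# Which S3 actions are evaluated against the bucket ARN and which against object ARNs.
BUCKET_LEVEL = {"s3:ListBucket", "s3:GetBucketLocation"}
OBJECT_LEVEL = {"s3:GetObject", "s3:PutObject", "s3:DeleteObject"}
IAM_PRINCIPAL = re.compile(r"arn:aws:iam::\d{12}:(user|role)/.+")

def build_cross_account_policy(bucket, principal_arns, actions):
    """Return a bucket policy dict granting the listed IAM principals the given actions."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Sid": "CrossAccountAccess",
            "Effect": "Allow",
            "Principal": {"AWS": list(principal_arns)},
            "Action": sorted(actions),
            "Resource": [f"arn:aws:s3:::{bucket}", f"arn:aws:s3:::{bucket}/*"],
        }],
    }

def audit_policy(policy):
    """Return findings for Allow statements that are over-broad or ineffective."""
    findings = []
    for stmt in policy.get("Statement", []):
        if stmt.get("Effect") != "Allow":
            continue
        sid = stmt.get("Sid", "<no Sid>")
        principal = stmt.get("Principal", {})
        aws = principal if principal == "*" else principal.get("AWS", [])
        for p in ([aws] if isinstance(aws, str) else aws):
            if not IAM_PRINCIPAL.fullmatch(p):  # "*" and account root ARNs land here
                findings.append(f"{sid}: principal {p!r} is broader than one IAM user/role")
        actions = stmt.get("Action", [])
        resources = stmt.get("Resource", [])
        resources = [resources] if isinstance(resources, str) else resources
        has_bucket = any(not r.endswith("/*") for r in resources)
        has_objects = any(r.endswith("/*") for r in resources)
        for a in ([actions] if isinstance(actions, str) else actions):
            if a in BUCKET_LEVEL and not has_bucket:
                findings.append(f"{sid}: {a} needs the bucket ARN as a Resource")
            if a in OBJECT_LEVEL and not has_objects:
                findings.append(f"{sid}: {a} needs the bucket/* ARN as a Resource")
    return findings

if __name__ == "__main__":
    policy = build_cross_account_policy(BUCKET, PRINCIPALS, ["s3:GetObject", "s3:ListBucket"])
    print(json.dumps(policy, indent=2))
    print(audit_policy(policy) or "no findings")
```

The audit is offline and only inspects the JSON; attaching the result still requires put-bucket-policy with credentials in the bucket-owning account.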